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Period for Reply 
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THE MAILING DATE OF THIS COMMUNICATION. 

- Extensions of time may be available under the provisions of 37 CFR 1 . 1 36 (a). In no event, however, may a reply be timely filed after SIX (6) MONTHS from the 
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- Any reply received by the Office later than three months after the mailing date of this communication, even rf timely filed, may reduce any 
earned patent term adjustment. See 37 CFR 1 .704(b). 
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closed in accordance with the practice under Ex parte Quayle, 1935 CD. 1 1; 453 O.G. 213. 
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application from the International Bureau (PCT Rule 17.2(a)). 
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Art Unit: 2155 

DETAILED ACTION 

1. Claims 1-39 are presented for examination. 

Claim Rejections - 35 USC §102 

2. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the 
basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(e) the invention was described in a patent granted on an application for patent by another filed in the 
United States before the invention thereof by the applicant for patent, or on an international application by 
another who has fulfilled the requirements of paragraphs (1), (2), and (4) of section 371(c) of this title 
before the invention thereof by the applicant for patent. 

The changes made to 35 U.S.C. 102(e) by the American Inventors Protection Act of 1999 
(AIPA) do not apply to the examination of this application as the application being examined was 
not (1) filed on or after November 29, 2000, or (2) voluntarily published under 35 U.S.C. 122(b). 
Therefore, this application is examined under 35 U.S.C. 102(e) prior to the amendment by the 
AIPA (pre-AIPA 35 U.S.C. 102(e)). 

3. Claims 1-5, 7-19 and 21-39 are rejected under 35 U.S.C. 102(e) as being clearly 
anticipated by Wiser et al., US Pat. No.6,385,596. 

As to claim 1, Wiser discloses: requesting a http file on a http server (122 fig. IB), retrieving 
conforming client data (126 fig.lA), inputting said conforming client data into a http client 
authentication object (see abstract, fig.lA, IB, col.5 line 43 t ocol.7 line 26), transmitting the http 
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client authentication object and storing the http client authentication object in a storage means 
on a http client computer means (see col.9 line 39 to col.l 1 line 62, col. 12 lines 12-54 and col. 18 
line 5 to col. 19 line 60). 

As to claim 2, Wiser discloses the conforming client data is retrieved from the http client or a 
storage means on which client data is stored (see col. 18 line 5 to col. 19 line 60). 

As to claim 3, Wiser discloses the conforming client data is the client's IP address or password 
(see col. 16 line 4 to col. 19 line 59). 

As to claims 4 and 5, Wiser discloses encrypting the client password before inputting the 
password into the client authentication object and hashing the client password prior to inputting 
(see col. 16 line 4 to col. 19 line 60). 

As to claim 7, Wiser discloses the conforming client data is a digital signature of the http client 
on the time-stamp and the inputting is by the client or the http server (see col.20 line 10 to col.21 
line 64). 

As to claim 8, Wiser discloses encrypting the conforming client data after retrieving conforming 
client data from the http client see col. 16 line 4 to col. 19 line 59). 
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As to claims 9 and 10, Wiser discloses encrypting the conforming client data using a public-key 
provided by the http server, wherein said encrypting is performed after retrieving conforming 
client data from the http client and can be decrypted by the http server using a private-key (see 
col.10 line 13 t ocol.12 line 54 and col.16 line 4 to col.19 line 59). 

As to claims 1 1 and 12, Wiser discloses: encrypting the conforming client data using a 
secret-key, wherein said encrypting is performed after retrieving conforming client data from the 
http client and be decrypted by the http server using a secret-key (see col.10 line 13 t ocol. 12 line 
54, col.16 line 4 to col.19 line 59 and col.21 lines 4-67). 

As to claim 13, Wiser discloses: obtaining client data (see abstract, col. 5 line 43 to col. 7 line 26), 
encrypting the client data to form encrypted client data and inputting the encrypted client data 
into a http confidential object (see col.9 line 13 to col. 12 line 59 and col.19 lines 1 1-60). 

As to claim 14, Wiser discloses the client data is credit card data, social security number, or a 
home address (see col. 17 line 6 to col. 18 line 65). 

As to claims 15 and 16, Wiser discloses the encrypting is accomplished using a public-key and 
private key provided by the http server (see col.10 line 13 to col. 12 line 54 and col.19 lines 11- 
60). 
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Claims 17 and 18 are rejected for the same reasons set forth in claims 1 land 12 respectively. 

As to claim 19, Wiser discloses: retrieving an authentication object from a http client (see col.9 
line 39 to col.l 1 line 62 and col. 18 line 5 tocol.19 line 60) and comparing the retrieved 
authentication object with conforming client data to determine whether retrieved authentication 
object contains the same conforming client data (i.e., using the delivery server to verify requests 
and forwarding to the content manager for authentication, fig.lA, IB, col.4 line 39 to col.l 1 line 
62 and col. 12 line 12 to col. 13 line 63). 

As to claim 21, Wiser discloses comparing the retrieved authentication object is decrypting 
encrypted conforming client data and determining whether the decrypted conforming client data 
is the same conforming client data inputted by the client in that same session or is the same 
conforming; data retrieved by the http server in that session (see col. 10 line 13 to col. 12 line 54 
and col. 19 lines 1 1-60 and col.21 lines 4-67). 

Claim 22 is rejected for the same reasons set forth in claim 7. 

As to claim 23, Wiser discloses comparing the retrieved authentication object is verifying the 
digital signature using a public-key and determining whether the digital signature is the http 
client's digital signature (see col.20 line 10 to col.21 line 64 and col.25 line 5 to col.26 line 53). 
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Claim 24 is rejected for the same reasons set forth in claim 1 . As to the added limitations, Wiser 
further discloses creating integrity data from one or more http client objects (see abstract, col. 5 
line 43 to col.7 line 26 and col. 12 line 59). 

As to claim 25, Wiser discloses the integrity data is created by public-key based cryptography of 
the one or more http client objects (see col. 10 line 13 to col. 12 line 54 and col. 19 lines 11-60). 

As to claim 26, Wiser discloses the public-key based cryptography is a digital signature of the 
http server on a message, digest of the one or more http client objects (see col.20 line 10 to col. 21 
line 64 and col.25 line 5 to col.26 line 53). 

As to claim 27, Wiser discloses the integrity data is a created by secret-key based cryptography 
of the one or more http client objects (see col.10 line . 13 to col. 12 line 54 and col.21 lines 4-67). 

As to claim 28, Wiser discloses the secret-key based cryptography is keyed-message digest or 
HMAC (see col. 13 line 3 to col. 15 line 61 and col. 17 line 7 to col. 18 line 59). 

As to claim 29, Wiser discloses a http client authentication object and a client object comprising 
client data (see col. 14 line 13 to col. 15 line 61). 
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As to claim 30, 32 and 39, Wiser discloses: a client object comprising clien, a client 
authentication object and a client integrity object (see abstract, fig.l A, IB, col.5 line 43 to col. 7 
line 26 and col. 9 line 13 to col. 12 line 59). 

As to claim 31, Wiser discloses the objects are the objects (see col. 13 line 3 to col. 15 line 61 and 
col. 17 line 7 to col. 18 line 59). 

As to claim 33, Wiser discloses the electronic transaction is an authentication service, electronic 
commerce, pay-per-access, or attribute-based access control (see col.6 line 15 to col.8 line 56 and 
col. 15 line 10 to col. 16 line 56). 

As to claim 34, Wiser discloses: a computer means for requesting a file from a server (122 
fig. IB), a means for receiving secure client objects and a storage means comprising a client 
authentication object (see col.12 lines 12-54 and col.18 line 5 to col. 19 line 60). 

As to claim 35, Wiser discloses a client authentication object and a client integrity object (see 
col.12 line 12 to col. 13 line 63). 

As to claim 36, Wiser discloses requesting a file from a server is an executable program (see 
col. 15 line 19 to col. 16 line 65). 




f 
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Claim 37 is rejected for the same reasons set forth in claim 1 . As to the added limitations, Wiser 
further discloses a transfer means for transferring a client object to a client system (see col. 9 line 
13 to col.12 line 59 and col.18 line 5 to col.19 line 59). 

As to claim 38, Wiser discloses the client object means further comprising a means for inputting 
a client integrity object (see col.18 line 5 to col.19 line 60). 



4. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth 
in section 102 of this title, if the differences between the subject matter sought to be patented and the prior 
art are such that the subject matter as a whole would have been obvious at the time the invention was made 
to a person having ordinary skill in the art to which said subject matter pertains. Patentability shall not be 
negatived by the manner in which the invention was made. 

This application currently names joint inventors. In considering patentability of the 
claims under 35 U.S.C. 103(a), the examiner presumes that the subject matter of the various 
claims was commonly owned at the time any inventions covered therein were made absent any 
evidence to the contrary. Applicant is advised of the obligation under 37 CFR 1.56 to point out 
the inventor and invention dates of each claim that was not commonly owned at the time a later 
invention was made in order for the examiner to consider the applicability of 35 U.S.C. 103(c) 
and potential 35 U.S.C. 102(e), (f) or (g) prior art under 35 U.S.C. 103(a). 

5. Claims 6 and 20 are rejected under 35 U.S.C. 103(a) as being unpatentable over Weiser 
US pat. No.6,385,5976 in view of Klingman US pat. No.5,729,594. 

Wesiser's teachings still applied as in item 3 above. Wiser further discloses the 



Claim Rejections - 35 USC § 103 



conforming client data is the client's DP address, password or digital signature of the client (see 
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col. 16 line 4 to col. 19 line 60). Wiser does not specifically disclose a Kerberos ticket. However, 
the use of Kerberos ticket in cryptography is generally well known in the art as disclosed by 
Klingman (see col. 3 lines 6-59). It would have been obvious if not inherent to one of the 
ordinary skill in the art at the time the invention was made to utilize such well known feature in 
the computer network of Wiser support secure online transactions because it would have allowed 
registered users to write electronic checks to other users securely (see Klingman 5 s col. 3 lines 5- 
60). 



6. The prior art made of record and not relied upon is considered pertinent to applicant's 
disclosure. 



a. O'Neiletal. US patent no.5,987,440. 

b. Ramasubramani et al., US patent no. 6,233, 577. 

c. Derby, US pat. No.6,3 14,521. 

d. Herman et al, US apt. No.6,341,353. 

e. Klingman, US pat. No.5,729,594. 



Other prior art cited 



Conclusion 



7. 



Claims 1-39 are rejected. 



* 
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8. Any inquiry concerning this communication or earlier communications from the examiner 
should be directed to Khanh Dinh whose telephone number is (703) 308-8528. The examiner 
can normally be reached on Monday through Friday from 8:00 A.m. to 5:00 P.m. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Ayaz R. Sheikh, can be reached on (703) 305-9648. The fax phone numbers for this 
group are: 



A shortened statutory period for reply is set to expire THREE months from the mailing 
date of this communication. Failure to response within the period for response will cause the 
application to become abandoned (35 U.S.C . Sect. 133). Extensions of time may be obtained 
under the provisions of 37 CFR 1.136(A). 

Any inquiry of a general nature or relating to the status of this application or proceeding 
should be directed to the Group receptionist whose telephone number is (703) 305 -9600. 



After Final: 



(703) 746-7239 



Official: 



(703) 746-7239 



Non-Official/ Draft: (703) 746-7240 



Khanh Dinh 
Patent Examiner 
Art Unit 2155 
7/10/2002 
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